We're presently running a PIX 515E on 6.35, with a IDS-4210, and I'm thinking about upgrading to an ASA-5510. Anyone do this, and if so, how do you like it?
I have a PIX 506 running v6.3(1) OS & PDM v3.0(0)141. I have downloaded the upgrades for v6.35 on the PIX and v3.04 for the PDM. When I perform the upgrades on the PIX will I lose all my settings that I have entered in (hosts, VPN settings, access ru...
I just upgraded to PIX 7.04 and am getting a ton of these errors:%PIX-6-106015: Deny TCP (no connection) from 172.22.x.x/58478 to 172.22.x.x/44443 flags RST ACK on interface outsideHere is a session:2005-11-11 08:58:01 Local1.Info 172.22.x.x Nov 11 ...
What's the relationship between inbound interface acl's and application inspection?Do the acl's get processed before the class-map statement creates the traffic class for the inspect command?
Hi, we have a pix 501 firewall for a customer. We've used these with other customers with very little trouble. But this customer needs to be able to access his external IP from within his server because they hardcoded the external IP in their appli...
IPS is installed, working well. Events are reporting by default, out of the box. The next step is to start tuning actions for the signatures. Are there any guidelines for appropriate actions for the different signatures? It would be nice if the s...
Hi,I have just rcvd a 1 Mbps serial Internet link from my ISP. The link is terminated on a Cisco 1801 rtr with a public IP of 30 bit mask assigned 2 it. I have also rcvd 6 usable public IP's with 29 bit subnet masks. Out of these IP's I have assigned...
Has anyone seen the following during replication after a failover?assertion "0" failed: file "stride_list_node.c"software version 7.0.4PIX 525 in active/standby mode with serial failover.I have searched everywhere and can't seem to find anything that...
Hi,First of all, thanks for your time. I have a question implementing active/active failover on a pix with 7.0. I have two pix 535 with 3 ethernets (inside, outside and failover). Until now they were in active/pasive but I would like to put them in a...
Greetings;If you are allowing traffic into your DMZ interface (security 20) from your outside interface (security 0) and your ingress access is controlled by an access list applied to your outside interface, would you need to place an access list to ...
I am experiencing a problem where two servers (specifically a file a server and a Citrix server) are experiencing spikes in CPU utilization (maxing out at 100% util) whenever we take them out of "Test" mode. These systems are running CSA v4.5-1 buil...
Hi,I am new at setting up PIX firewall.. Hope that someone would give me some hints on how to log dropped packets to my syslog server. Here is what i have setup and tested..1) I manage to setup remote logging for my syslog server, i could see PIX fir...
Hi all,I recently upgraded my Concentrator to version 4.7. I can connect with the new client version, but not with the old client version 3.6. will 3.6 work with the upgraded version 4.7?
Hallo all, I have a problem with a cisco pix (535, version 7.0) - and I hope that someone can help me to solve it:In my opinion I should get a logmessage for every matching connection if I paste an log entry to an extended accesslist like:access-lis...
I need to allow outbound access to an IP address on destination port tcp:8443 using https. Simply adding the rule to the rule base doesn't permit the connection even when just restricted by source/destination ip address. Is this because of default...
